It seems that security is still – at best – an afterthought for most start-ups as they go about building their Minimum Viable Product (MVP).
We highlighted it earlier in the context of the Internet of Things, but it is true across the board.
Over the past 15 years of working in the cybersecurity industry I have been privileged to have worked with highly intelligent, experienced and articulate colleagues. My experiences in large-scale transformation programmes, workshops, interviews, managing both project and operational teams encompass consulting and internal business roles. These experiences led to interactions with hundreds of individuals where I have become aware of some consistent and humorous behaviour types displayed. These include eight positive and negative types including:
In 2018, as many people have predicted, we have seen explosive commercial growth of the Internet of Things (IoT) and wearable technologies. This has created an opportunity for cyber attackers to ply their trade and a new term – ‘Ransomwear’ – has been coined (see recent Symantec research on this). This can be understood as malware delivered through social engineering or pushed directly onto a wearable device.
There is some form of management reality beyond the “100 days” journalistic cliché: How does an incoming executive make an impact in a new role? What are the real timeframes to look at? What can be expected, and over what horizon? What are the key issues that should raise a red flag during the first few months in a new senior position, and those which can be ignored? Those are the themes we will be exploring in this new series around the specific role of the CISO.
The Person, the Role and the Culture of the Firm
“Many CISOs live day to day under the sword of Damocles”
A controversial quote to begin with, I admit. However, in the past few years, data breaches have become more prominent, impacting businesses, governments, healthcare, and even hairdressers! There is no let-up in sight and business leaders must pay attention to the cyber risks they face.
People simply trust other people
This excellent November piece from McKinsey on cyber security deserves a comment (“A Framework for Improving Cybersecurity discussions within Organizations” – Jason Choi / Harrison Lung / James Kaplan).
Security is not about “enabling” the business but “protecting” it
At the end of a keynote speech I gave at the excellent CIOWaterCooler LIVE! Event in London on 28th September 2017 on security organisation, governance and creating the dynamics for change around cyber security, I was asked a challenging question on which I would like to elaborate: